Skip to content Skip to sidebar Skip to footer
Home / Android / Digital Signature / Jwt / Safetynet / Validation

Android Safetynet Jwt Signature Verification

Post a Comment
I'm trying to understand how the jwt signature validation works. This is how I'm doing it at the moment: 1) My app calls the attest api 2) My app sends the jwt to my server 3) My s

Solution 1:

The key point is verify that the signing certificate is issued to attest.android.com by a trusted Certificate Authority

Any trusted CA will issue a fake certificate to attest.android.com. See what happens if they engage in bad practices https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html?m=1

See Google's doc

Verify the compatibility check response

You should take steps to make sure that the compatibility check response actually came from the SafetyNet service and includes data that matches your request data.

Caution: You should send the entire JWS response to your own server, using a secure connection, for verification. We don't recommend that you perform the verification directly in your app because, in that case, there is no guarantee that the verification logic itself hasn't been modified.

Follow these steps to verify the origin of the JWS message:

  1. Extract the SSL certificate chain from the JWS message.

  2. Validate the SSL certificate chain and use SSL hostname matching to verify that the leaf certificate was issued to the hostname attest.android.com.

  3. Use the certificate to verify the signature of the JWS message.

  4. Check the data of the JWS message to make sure it matches the data within your original request. In particular, make sure that the nonce, timestamp, package name, and the SHA-256 hashes match.

The second dot requires to validate the certificate chain. It is assumed that it is used a Trust Manager containing the root certificate of the Certificate Authority

I have inspected Google's sample code in OfflineVerify to ensure the existence of a TrustManager because it is not explictly said, and it is effectively used during JWS verification. It uses the default system TrustManager, but you can use a custom one

Note that is used JWS (Json Web Signature), not JWT. A JWT is usually an authentication token signed with JWS

Solution 2:

You did grasp the concept correctly. However something that you overlooked is that the lib you use is probably verifying that the certificate from which it extracts the public keys is a valid and a 'trusted' certificate (AKA comes from a trusted CA)

Thanks to this (and like the doc points it out) you need to verify yourself that the certificate has been issued by a "attest.android.com". No one will be able to forge a certificate to make it comes from this CA because.

This is what I understood at least, please correct me if I am wrong.

Post a Comment for "Android Safetynet Jwt Signature Verification"